Export limit exceeded: 363290 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 363290 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Export limit exceeded: 26245 CVEs match your query. Please refine your search to export 10,000 CVEs or fewer.

Search

Search Results (26245 CVEs found)

CVE Vendors Products Updated CVSS v3.1
CVE-2015-7945 1 Spi-inc 1 Ganeti 2025-04-20 N/A
The RESTful control interface (aka RAPI or ganeti-rapi) in Ganeti before 2.9.7, 2.10.x before 2.10.8, 2.11.x before 2.11.8, 2.12.x before 2.12.6, 2.13.x before 2.13.3, 2.14.x before 2.14.2, and 2.15.x before 2.15.2 allows remote attackers to obtain the DRBD secret via instance information job results.
CVE-2015-7893 1 Samsung 1 Galaxy S6 2025-04-20 N/A
SecEmailUI in Samsung Galaxy S6 does not sanitize HTML email content, allows remote attackers to execute arbitrary JavaScript.
CVE-2015-7850 3 Debian, Netapp, Ntp 7 Debian Linux, Clustered Data Ontap, Data Ontap and 4 more 2025-04-20 6.5 Medium
ntpd in NTP 4.2.x before 4.2.8p4, and 4.3.x before 4.3.77 allows remote authenticated users to cause a denial of service (infinite loop or crash) by pointing the key file at the log file.
CVE-2015-7847 1 Huawei 2 E3272s, E3272s Firmware 2025-04-20 N/A
Huawei MBB (Mobile Broadband) product E3272s with software versions earlier than E3272s-153TCPU-V200R002B491D09SP00C00 has a Denial of Service (DoS) vulnerability. An attacker could send a malicious packet to the Common Gateway Interface (CGI) of a target device and make it fail while setting the port attribute, which causes a DoS attack.
CVE-2015-7824 1 Botan Project 1 Botan 2025-04-20 N/A
botan 1.11.x before 1.11.22 makes it easier for remote attackers to decrypt TLS ciphertext data via a padding-oracle attack against TLS CBC ciphersuites.
CVE-2015-5194 6 Canonical, Debian, Fedoraproject and 3 more 14 Ubuntu Linux, Debian Linux, Fedora and 11 more 2025-04-20 N/A
The log_config_command function in ntp_parser.y in ntpd in NTP before 4.2.7p42 allows remote attackers to cause a denial of service (ntpd crash) via crafted logconfig commands.
CVE-2015-5187 1 Candlepinproject 1 Candlepin 2025-04-20 N/A
Candlepin allows remote attackers to obtain sensitive information by obtaining Java exception statements as a result of excessive web traffic.
CVE-2015-5186 1 Linux Audit Project 1 Linux Audit 2025-04-20 N/A
Audit before 2.4.4 in Linux does not sanitize escape characters in filenames.
CVE-2015-5146 3 Debian, Fedoraproject, Ntp 3 Debian Linux, Fedora, Ntp 2025-04-20 N/A
ntpd in ntp before 4.2.8p3 with remote configuration enabled allows remote authenticated users with knowledge of the configuration password and access to a computer entrusted to perform remote configuration to cause a denial of service (service crash) via a NULL byte in a crafted configuration directive packet.
CVE-2015-5069 2 Fedoraproject, Wesnoth 2 Fedora, Battle For Wesnoth 2025-04-20 N/A
The (1) filesystem::get_wml_location function in filesystem.cpp and (2) is_legal_file function in filesystem_boost.cpp in Battle for Wesnoth before 1.12.3 and 1.13.x before 1.13.1 allow remote attackers to obtain sensitive information via vectors related to inclusion of .pbl files from WML.
CVE-2015-5059 1 Mantisbt 1 Mantisbt 2025-04-20 N/A
The "Project Documentation" feature in MantisBT 1.2.19 and earlier, when the threshold to access files ($g_view_proj_doc_threshold) is set to ANYBODY, allows remote authenticated users to download attachments linked to arbitrary private projects via a file id number in the file_id parameter to file_download.php.
CVE-2015-4078 1 Cloudera 2 Cloudera Manager, Navigator 2025-04-20 N/A
Cloudera Navigator 2.2.x before 2.2.4 and 2.3.x before 2.3.3 include support for SSLv3 when configured to use SSL/TLS, which makes it easier for man-in-the-middle attackers to obtain cleartext data via a padding-oracle attack, a variant of CVE-2014-3566 (aka POODLE).
CVE-2014-9810 1 Imagemagick 1 Imagemagick 2025-04-20 5.5 Medium
The dpx file handler in ImageMagick allows remote attackers to cause a denial of service (segmentation fault and application crash) via a malformed dpx file.
CVE-2017-9046 1 Pmail 1 Pegasus 2025-04-20 N/A
winpm-32.exe in Pegasus Mail (aka Pmail) v4.72 build 572 allows code execution via a crafted ssgp.dll file that must be installed locally. For example, if ssgp.dll is on the desktop and executes arbitrary code in the DllMain function, then clicking on a mailto: link on a remote web page triggers the attack.
CVE-2016-7791 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload an evil 'exploit.tar.gz' file to the website, then extract it by visiting '/install/index.php?install_sample=../../files/exploit', which leads to arbitrary code execution.
CVE-2014-0072 1 Apache 2 Cordova, Cordova File Transfer 2025-04-20 N/A
ios/CDVFileTransfer.m in the Apache Cordova File-Transfer standalone plugin (org.apache.cordova.file-transfer) before 0.4.2 for iOS and the File-Transfer plugin for iOS from Cordova 2.4.0 through 2.9.0 might allow remote attackers to spoof SSL servers by leveraging a default value of true for the trustAllHosts option.
CVE-2015-2253 1 Huawei 2 Oceanstor Uds, Oceanstor Uds Firmware 2025-04-20 N/A
The XML interface in Huawei OceanStor UDS devices with software before V100R002C01SPC102 allows remote authenticated users to obtain sensitive information via a crafted XML document.
CVE-2015-2251 1 Huawei 2 Oceanstor Uds, Oceanstor Uds Firmware 2025-04-20 N/A
The DeviceManager in Huawei OceanStor UDS devices with software before V100R002C01SPC102 might allow remote attackers to obtain sensitive information via a crafted UDS patch with JavaScript.
CVE-2015-2246 1 Huawei 2 P7-l10, P7-l10 Firmware 2025-04-20 N/A
The MeWidget module on Huawei P7 smartphones with software P7-L10 V100R001C00B136 and earlier versions could lead to the disclosure of contact information.
CVE-2016-7790 1 Exponentcms 1 Exponent Cms 2025-04-20 N/A
Exponent CMS 2.3.9 suffers from a remote code execution vulnerability in /install/index.php. An attacker can upload 'php' file to the website through uploader_paste.php, then overwrite /framework/conf/config.php, which leads to arbitrary code execution.